package cc.chengheng.controller;

import cc.chengheng.entity.Users;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

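/**
 * Demo endpoints under {@code /test} that exercise Spring Security's method-level
 * authorization annotations.
 *
 * <p>NOTE(review): the annotations below are only enforced when method security is enabled
 * in the application's security configuration, which is not visible in this file. Confirm
 * that pre/post annotations are switched on there.
 */
@RestController
@RequestMapping("test")
public class TestController {

    /**
     * Returns a fixed greeting.
     *
     * <p>No method-level authorization is declared here; access is governed by whatever the
     * HTTP security configuration (not shown in this file) applies to {@code /test/hello}.
     *
     * @return the literal greeting text
     */
    @GetMapping("hello")
    public String add() {
        return "hello security";
    }

    /**
     * Returns a fixed greeting for the index page.
     *
     * <p>No method-level authorization is declared here; see the note on {@link #add()}.
     *
     * @return the literal greeting text
     */
    @GetMapping("index")
    public String index() {
        return "hello index";
    }

    /**
     * Handles the update endpoint; restricted to callers holding the {@code admin} authority.
     *
     * <p>The check is a {@code @PreAuthorize} so it is evaluated before the body runs.
     * {@code @PostAuthorize} is evaluated only after the method has returned, which means
     * the method's side effects would already have happened for a caller who is then
     * denied. Use {@code @PostAuthorize} only when the decision depends on the return value.
     *
     * @return the literal confirmation text
     */
    // Role-based alternative: @Secured(value = {"ROLE_sale", "ROLE_manager"}) grants access
    // to a user holding any one of the listed roles.
    @PreAuthorize("hasAnyAuthority('admin')")
    @GetMapping("update")
    public String update() {
        System.out.println("update......");
        return "hello update";
    }

    /**
     * Returns the sample users, restricted to callers holding the {@code manager} authority
     * and filtered so that only the entry whose username is {@code admin1} is kept.
     *
     * <p>The authority check does not depend on the return value, so it is done up front
     * with {@code @PreAuthorize}; {@code @PostFilter} then prunes the returned list.
     *
     * <p>NOTE(review): the returned {@code Users} objects carry the password value, and the
     * sample response recorded below shows it being serialized to the client. Return a view
     * without the password (or exclude that field from serialization in the entity) before
     * using this pattern with real accounts.
     *
     * @return a mutable list of users; {@code @PostFilter} removes non-matching elements
     */
    @GetMapping("getAll")
    @PreAuthorize("hasAnyAuthority('manager')")
    @PostFilter("filterObject.username == 'admin1'") // result: [{"id":1,"username":"admin1","password":"6666"}]
    public List<Users> getAllUser() {
        // Must stay a mutable list: @PostFilter removes elements from the returned collection.
        List<Users> users = new ArrayList<>();
        users.add(new Users(1, "admin1", "6666"));
        users.add(new Users(2, "admin2", "888"));
        return users;
    }

}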
